Lab Notes

The link whoring in it suggests that I shouldn't give this article on "The Laws of Identity" much credence, but it's still an interesting read. The most important law of identity is number two ("Minimal Disclosure for a Constrained Use"), and it's also the reason that the laws are mostly pointless. Yes, organizations should collect only the information they need, the problem is, there is a lot more information they want.

The problem with most identity system proposals (including any based on the ideas in the article) is that they aren't designed with the intention of benefiting consumers. The systems are designed to benefit businesses, and then are used to sell the systems to consumers. If Microsoft keeps a file on me, that's to their benefit, not mine. All I get out of the deal is some vague assurances that they'll try not to sell the information identity thieves. My own policy is to not give out any unnecessary information rather than trust a website's promise.